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REMARKS 

The drawing was objected to, and the specification was objected to because of 
errors in FIG. 2. The errors are corrected. The Examiner's approval of the enclosed 
amended drawings is respectfully requested. 

The specification was objected to because it allegedly contains hyperlinks (as 
defined by the MPEP). This amendment removes those hyperlinks. 

Claim 23 was objected to because of a typographical error. The error is corrected 
herein to overcome the objection. 

Claims 1-23 were rejected under 35 USC 112, second paragraph, for being 
indefinite. Applicants respectftilly traverse. 

In connection with claim 1 the Examiner asserts that the phrase "can forward" 
makes the claim indefinite. Applicants respectftilly disagree but in order to advance 
prosecution, claim 1 is amended herein to remove the "can forward" language. In 
connection with claim 23, however, applicants decline to remove this language because, 
respectfially, applicants believe the Examiner is basically in error. 

The Examiner states that such language is acceptable in an apparatus claim 
because it implies configuration, or system ability, but that such language is not 
acceptable in a method claim. 

First, applicants are not aware of any Statute, Rule or even MPEP section that 
prohibits such language in a method claim. Second, the Examiner is correct that such 
language is acceptable in an apparatus claim because it implies configuration, but it is 
respectftilly submitted that such language is acceptable because it is acceptable relative 
to the element of the apparatus claim, and not because the claim is an apparatus claim. 
Applicants would agree with the Examiner's statement regarding method claims if a step 
of a method were couched with the term "can" used so that it would allow the step to be 
taken or not taken. That would make the claim indefinite; but that is not the case at hand. 
Rather, in the case at hand the phrase "can forward" applies to the data connection , and a 
data connection is a physical element - not any different from a physical element in an 
apparatus claim. 

Put another way, applicants believe their invention to include the step of 
establishing a particular type data connection - one that can forward requests. Anyone 
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who performs this step (and all of the other steps of the claim) should be declared an 
infringer independently of whether the established data connection does in fact forward 
requests . 

Put yet another way, it is respectfully submitted that no artisan would find the 
claim indefinite regarding the nature of the proscribed step (of establishing a data 
connection). 

Conversely, forcing applicants to amend claim 1 as suggested by the Examiner 
would make the claim unnecessarily narrower. 

In short, applicants respectfiilly submit that claim 23 is in compliance of 35 USC 
1 12, second paragraph. 

As for claim 1 1, it is amended to comport with the Examiner's interpretation of 
the term "resource" (document, database, server, a computer, etc.). 

Claims 1 was rejected under 35 USC 101 as being directed to non-statutory 
subject matter. Applicants respectfully traverse. 

1 . The claimed method (both prior to the current amendment, and as currently 
amended) is not a series of steps executed in a computer. Hence, the question of 
whether there is a post-computer process activity or pre-computer process activity 
simply has no relevance here because there is no "computer process" in the first 
place. 

2. The claimed method involves a plurality of physical elements (at least a first 
proxy, a firewall, a second proxy), and messages flowing between the elements; 
not unlike most other physical arrangements. 

3. Put very simply: the claimed invention is not a "computer-related" invention. 

4. A concrete beneficial result accrues from the claimed method; to wit, without the 
claimed method a firewall prevents access to resources behind the firewall, and 
with the claimed method such access might be obtained. 

5. No algorithm whatsoever is defined in the claim. 

Respectfully, there is not a single indicium in the claim that suggests even the possibility 
that a 35 USC 101 rejection would be appropriate. 
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The Examiner states that "the results are not communicated to the user." 
Respectfully, that is not relevant. First, no "results" in any algorithmic sense are 
provided by the claimed method. The only result is the establishment of a physical 
arrangement with a firewall that allows authenticated clients to gain access to a server on 
the protected side of the firewall. Second, there is no requirement in the law that a result 
must be communicated to a user/client in order for the claim to pass muster under 35 
use 101. It is respectfully submitted, therefore, that claim 1 is not in violation of 35 
use 101. 

Claims 1-2, 6, 8-10, 14-15, and 17-18 were rejected under 35 USC 102 as being 
anticipated by Brownell, US Patent 6,754,831 . Applicants respectfully traverse. 

First, the Examiner asserts that the first proxy limitation of claim 1 is met by 

socket 367, and in support of this assertion the Examiner points to FIG. 3, and to col. 7, 

lines 61-63. FIG. 3 shows socket 367 to reside within host 350. Col. 7, lines 61-63 state: 

Firewall 330, host 310, host 313, host 314, host 316, and extemal host 
350 are each associated with a network address, such as an Internet 
Protocol ("IP") address. 

Clearly, this passage teaches that host 350 has an IP address, but it does not teach that 

socket 367 has an IP address. Therefore, claim 1, even before its currently amended form 

is not anticipated by Brownell. 

Second, the Examiner asserts that the step of sending a connection request over a 

control channel that was previously established by a second proxy is met by inside 

channel 343 being the connection and tunnel 341 being the second proxy. Respectfully, 

this correspondence does not hold. A tuimel is a communication concept of sending 

packaged information within a packet. Whether the tunnel is considered a concept or 

considered as a concrete "packet within a packet," it is not a "proxy" by the normal, 

commonly accepted notion of a proxy, or by the use of the term "proxy" in applicants' 

disclosure. In webopedia.com the term "proxy server" is defined as 

a server that sits between a client application, such as a web browser, 
and a real server. It intercepts all requests to the real server to see if it 
can fulfill the requests itself If not, it forwards the request to the real 
server 

Replacing the term "server" with a "module" (to make the definition more general) still 
requires a module that 
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intercepts all requests to the real server to see if it can fulfill the 
requests itself. If not, it forwards the request to the real server 

Clearly this definition does not encompass the notion of a tunnel and, therefore a tunnel is 

not a "proxy." Moreover, the "inside channel" is not a control channel that was 

"previously established by a second proxy" because there is no teaching that it is 

previously established by anything that might be considered a proxy, and it certainly was 

not established by tunnel 341. Hence, it is respectfully submitted that claim 1, even prior 

to its currently amended form, was not anticipated by Brownell. 

All this is by way of demonstrating that claim 1 is amended herein for reasons 
other than an effort to overcome the prior art. As indicated above, claim 1 is amended in 
response to the Examiner's suggestion that the "can forward" language be removed; and 
also to more clearly define the invention. 

As amended, claim 1 specifies that the first proxy is within the arrangement that 
includes the firewall, and clearly socket 361 is not within the arrangement that includes 
the firewall but, rather, is in the external host 350. No proxy that corresponds to the first 
proxy of claim 1 is found in Brownell. Moreover, amended claim 1 specifies that the 
control channel is controlled by a second proxy, which is on the inside - or protected - 
side of the firewall. Again, no such second proxy is found in Brownell, and no control 
channel is described that is controlled by the second proxy. Lastly, amended claim 1 
specifies that a data connection is established by the second proxy, and this connection is 
distinct from the control channel. Nothing like that is described by Brownell. In short, 
amended claim 1 at least as patentable over the Brownell reference as the unamended 
claim 1 was. The claims that depend on amended claim 1 are likewise not anticipated by 
Brownell. 

Claims 3-5, 7, 1 1-12, 16, and 23 were rejected under 35 USC 103 as being 
unpatentable over Brownell in view of Smith et al, US Patent 6,578,078. Applicants 
respectfully traverse. 

As for claims 3-5, 7, and 16, applicants note that they depend on claim 1, and that 
the Smith et al reference is not cited for teachings that, as noted above, are missing in the 
Brownell reference; and indeed it does not provide those teachings. Consequently, 3-5, 
7, and 16, are not obvious in view of Brownell in combination with Smith et al. 
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Claim 1 1 is an independent method claim. It contains only three steps, and the 

Examiner admits that Brownell does not teach any of the three steps. What is left, then, 

is that the entirety of the claimed method is NOT taught by the Brownell reference. The 

Examiner asserts, however, that the Smith et al reference teaches these three steps and 

that, somehow, it is obvious to import the method of claim 1 1, in its entirety from Smith 

et al into the Brownell reference. Applicants respectfully disagree on two basic counts. 

First, even if Smith et al taught the claimed method it is not obvious to import an entire 

method that is missing in Brownell, and where there is nothing to suggest such a method, 

from the Smith et al reference. Second, Smith et al do not teach that method. As to the 

second points, to illustrate, the Examiner asserts claim 1 1 comprises a step of 

parsing information of a resource to identify therein hyperlinks that 
point to-resources behind a firewall 

The Examiner points to col. 11, lines 48-63 and col. 17, lines 10-20. Respectfully, these 

f passages do not teach or suggest this limitation. The first passage merely teaches the use 

of an indirection table with entries that map a URL to each resource, so that the resource 

can be fetched when requested. There is no mention of parsing of information at all, and 

there is no mention of a firewall. The second passage, likewise, does not mention 

parsing, and does not mention a firewall. Indeed the words "parse'' and "firewall" are not 

found anywhere in the Smith et al reference. 

The second and third steps of claim 1 1 specify the step of 

rewriting said hyperlinks to point to a proxy enabled to access said 
resources behind the firewall 

transmitting said information of the resource with the rewritten 
hyperlinks to the client. 

The Examiner points to the updating of hyperlink of resources when documents are 

moved to another location within the system, and to the transmitting of the resource 

when, at any time thereafter it is requested. This is wholly different from the steps of the 

claim 1 1 method. In the Smith et al reference, the updating is done only when the 

document is moved to a different permanent location, i.e., triggered by the move . The 

transmitting is a totally separate action, and it is tri^sered by a request for the previously 

moved document. The method of claim 1 1, in contradistinction, is not triggered by any 

change in the permanent location of the document, but rather is triggered by a request for 
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the document, and the hyperlinks of the transmitted document are rewritten. Nothing is 
mentioned about any altering of the stored document. Hence, it is respectfully submitted 
that Smith et al do not teach the three steps of claim 1 1 , there is no suggestion is 
Brownell to import the teachings of Smith et al, and even if those teachings are imported, 
the method of claim 1 1 would still not result. Therefore, it is believed that claim 1 1 is not 
obvious in view of Brownell and Smith et al. 

As for claim 23, applicants respectfully direct the Examiner's attention to the 
arguments above regarding claim 1, and note that the Smith et al reference - which is 
cited for the teachings of web pages - does not teach the claim 23 limitations that 
Brownell fails to teach. 

Claims 19-22 were rejected under 35 USC 103 as being unpatentable over 

Brownell in view of Smith et al and further in view of Crichton et al, US Patent 

6,104,716. Applicants respectfully traverse. First, it is respectfully submitted that, just as 

in connection with earlier comments, the teachings of Crichton et al do not supply that 

which is missing in the Brownell and Smith et al combination of references. Therefore, 

claims 19-22 are believed to be not obvious in view of the combination of Brownell, 

Smith et al and Crichton et al. Second, at least some of the claims contain limitations that 

are not described by Crichton. For example, claim 22 specifies that the 

control channel is maintained by periodically one of the proxies 
sending a command that requests a response from the other of said 
proxies 

In support of the assertion that Crichton et al teach this limitation the Examiner points to 

col. 6 line 62 through col. 7 line 19. The cited passage states: 

PROPERTY_EXCHANGE - This mechanism allows for end proxies 
to exchange information about themselves. 

CONNECTION^REQUEST - This request allows one end proxy to 
notify the other end proxy that a client application is requesting tunnel 
resources to be allocated for use by the client application. Requested 
resources may include "multiplexed" charmels on an existing tunnel 
connection or new tunnel connections in addition to established tunnel 
connections. 

CONNECTION_ACK and CONNECTION_NACK - These responses 
allow the proxy receiving a CONNECTION_REQUEST to either 
accept or deny the request for tunnel resources. 
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SERVICE_BEGIN_REQUEST This request allows an end proxy to 
notify the other end proxy that an application is beginning to send data 
and therefore use the tunnel resources that have been requested and/or 
allocated. 

SERVICE_BEGIN_ACK and SERVICE_BEGIN_NACK These 
responses allow an end proxy to accept or deny an application's request 
to begin using resources that have been allocated. 

While this passage teaches about various messages, it does not teach anything about 

maintaining a connection. It is respectfully submitted, therefore, that the claim 22 

limitation is wholly absent from the Crichton et al reference: 

In light of the above amendments and remarks, applicants respectfully submit that 

all of the Examiner's objections and rejections have been overcome. Reconsideration 

and allowance are respectfully solicited. 




Respectfully, 
Christian A. Gilmore 
David P. Kormann 
Aviel D. Rubin 




Henry T. Hrendzel ^ 
Reg. No./6,844 
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Fax (973)467-6589 
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